The Mole Download – Automatic SQL Injection Tool For Windows

Last updated: September 24, 2017 | 58,749 views

The Mole is an automatic SQL injection exploitation tool for Windows and Linux. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query-based technique.

What is The Mole SQL Injection Tool for Windows & Linux?

The Mole uses a command-based interface that lets the user indicate the action to perform easily. The CLI also provides auto-completion on both commands and command arguments, so the user types as little as possible.

This application is able to exploit both union-based and blind boolean-based injections.

Every action The Mole can execute is triggered by a specific command. All this application requires in order to exploit a SQL injection is the URL (including the parameters) and a needle (a string) that appears in the server's response whenever the injection parameter generates a valid query, and does not appear otherwise.
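Why the needle behaves as a yes/no oracle, and why binding the parameter removes it, shown as an added example that is not code from The Mole or from the original page. The in-memory SQLite table, the handler names and the "Blue widget" needle are constructed for illustration.

```python
import sqlite3

NEEDLE = "Blue widget"  # constructed: text shown only when the query finds a row


def make_db():
    """Build a constructed one-row catalogue in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO products VALUES (1, 'Blue widget')")
    return db


def render(row):
    return f"<h1>{row[0]}</h1>" if row else "<h1>Not found</h1>"


def page_concatenated(db, raw_id):
    # Vulnerable form: the request parameter becomes part of the SQL text,
    # so any condition appended to it is evaluated by the database.
    try:
        sql = "SELECT name FROM products WHERE id = " + raw_id
        return render(db.execute(sql).fetchone())
    except sqlite3.Error:
        return "<h1>Error</h1>"


def page_parameterized(db, raw_id):
    # Hardened form: the value is bound as data and never parsed as SQL.
    sql = "SELECT name FROM products WHERE id = ?"
    return render(db.execute(sql, (raw_id,)).fetchone())


def needle_tracks_condition(page, db):
    """Regression check for your own handler: does the needle's presence
    follow a boolean condition appended to the parameter?"""
    when_true = NEEDLE in page(db, "1 AND 1=1")
    when_false = NEEDLE in page(db, "1 AND 1=2")
    return when_true and not when_false


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", needle_tracks_condition(page_concatenated, db))
    print("parameterized:", needle_tracks_condition(page_parameterized, db))
```

A handler for which `needle_tracks_condition` returns `True` gives a tool like this everything it needs; with bound parameters both probes are compared as literal strings and the response no longer depends on the appended condition.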

So far, The Mole supports MySQL, MS-SQL and PostgreSQL, but we expect to include other DBMSs in the future.

Features of The Mole SQL Injection Tool

Support for MySQL, Postgres, SQL Server and Oracle.

Automatic SQL injection exploitation using union technique.

Automatic blind SQL injection exploitation.

Exploits SQL Injections in GET/POST/Cookie parameters.

Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.

Exploits SQL Injections that return binary data.

Powerful command interpreter to simplify its usage.

Using The Mole SQL Injection Software


- url [URL [PARAM]]: Gets/sets the URL. If PARAM is given then the injection will be performed on that argument. This can also be provided as an argument to the application, using the "-u" parameter.

- needle [NEEDLE]: Gets/sets the NEEDLE. This can also be provided as an argument to the application, using the "-n" parameter.

- method (GET|POST <param_post>) [vulnerable_param]: Sets the method of the request to GET or POST. In case POST is given the param_post string will be used as the POST parameters. If vulnerable_param is given then the mole will use this parameter to inject.

- vulnerable_param [<GET|POST|Cookie> VULNERABLE_PARAM]: Sets/gets the type and name of the vulnerable parameter to be exploited by The Mole.

- injectable_field [<FIELD_NUM>]: Sets/gets the field of the query which will be used to print the information retrieved when using a union technique.

- auth [<basic> <USERNAME:PASSWORD>]: Sets/gets the authentication information used by The Mole in each request.

- follow_redirects [<on|off>]: Sets/gets the follow redirect flag. If enabled, The Mole will follow http redirects received from the server.

- dbinfo: Fetch current user name, database name and DBMS version.

- usercreds: Fetches the credentials for the dbms. Usually requires administrator privileges on the database.

- schemas: Fetches the schemas (databases) from the server. The results obtained will be cached, so further calls to this command will return the cached entries. See "fetch" command.

- tables <SCHEMA>: Fetches the tables for the schema SCHEMA. The results obtained will be cached, so further calls to this command will return the cached entries. See "fetch" command.
  e.g: "tables mysql"

- columns <SCHEMA> <TABLE>: Fetches the columns for the table TABLE, in the schema SCHEMA. The results obtained will be cached, so further calls to this command will return the cached entries. See "fetch" command.
  e.g: "columns mysql user"

- recursive (schemas|tables <SCHEMA>): Recursively fetches the structure of all schemas or just of the SCHEMA if used with tables.

- query <SCHEMA> <TABLE> COLUMN1[,COLUMN2[,COLUMN3[...]]] [where COND]: Perform a query to fetch every column given, using the table TABLE located in the schema SCHEMA. A "where condition" can be given. Note that The Mole will take care of any string conversions required on the condition. Therefore, you can use string literals (using single quotes) even if the server escapes them. Note that no caching is performed when executing this command.
  e.g: query mysql user User,Password where User='root'

- fetch <schemas|tables|columns> [args]: This command calls schemas, tables or columns commands depending on the arguments given, forcing them to refetch entries, even if they have already been dumped. This is useful when, after having stopped a query in the middle of it, you want to fetch all of the results and not just those that you were able to dump before stopping it.
  e.g: "fetch columns mysql user"

- readfile <FILE>: Read the FILE from the remote server (if possible) and print it.

- find_tables <SCHEMA> <TABLE1> [<TABLE2>, ...]: Bruteforce to find if the TABLES given as parameters are part of the SCHEMA. Useful for MySQL version 4 where no information_schema available.

- find_tables_like <SCHEMA> <FILTER>: Perform a query to extract all tables from SCHEMA that match the LIKE filter given as param FILTER.

- find_users_table <SCHEMA>: Bruteforce to find tables in SCHEMA that match common names for tables where usernames are stored.

- cookie [COOKIE]: Gets/sets a cookie to be sent in each HTTP request's headers.

- mode <union|blind>: Sets the SQL Injection exploitation method. By default, union mode is used. If the injection cannot be exploited using this mode, change it to blind using "mode blind" and try again. Nothing else has to be configured to go from union to blind mode, as long as you have already set the URL and needle.

- prefix [PREFIX]: Gets/sets the prefix for each request. The prefix will be appended to the URL's vulnerable parameter on each request.

- suffix [SUFFIX]: Gets/sets the suffix for each request. The suffix will be appended after the injection code on the URL's vulnerable parameter.

- verbose <on|off>: Sets the verbose mode on and off. When this mode is